This is an OpenPGP/MIME signed message (RFC 4880 and 3156)--===============8901824234587108106==Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="7Xl0p85UnGQND2mLu6GCU78pSf5BhfQCM"

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10- Ubuntu 16.04 LTS- Ubuntu 14.04 LTS- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in NSS.

Software Description:- nss: Network Security Service library

Details:

It was discovered that NSS incorrectly handled certain invalidDiffie-Hellman keys. A remote attacker could possibly use this flaw tocause NSS to crash, resulting in a denial of service. This issue onlyapplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.(CVE-2016-5285)

This update refreshes the NSS package to version 3.26.2 which includesthe latest CA certificate bundle.

Update instructions:

The problem can be corrected by updating your system to the followingpackage versions:

Ubuntu 16.10: libnss3 2:3.26.2-0ubuntu0.16.10.1

Ubuntu 16.04 LTS: libnss3 2:3.26.2-0ubuntu0.16.04.2

Ubuntu 14.04 LTS: libnss3 2:3.26.2-0ubuntu0.14.04.3

Ubuntu 12.04 LTS: libnss3 2:3.26.2-0ubuntu0.12.04.1

This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use NSS, such as Evolution and Chromium, to make all the necessarychanges.